When the server part is configured to act like a trojan, i.e. to install itself covertly on someone's system, it writes itself to the \Windows\System\ or \WinNT\System32\ folder under a name specified during configuration (the default is UMGR32.EXE).

Under Windows 95/98 the server execution string is written to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Under Windows NT the execution string is written to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Then the file from which the server part started can be deleted (if this was specified during configuration). After that BO2K will be active in memory each time Windows starts and will provide access to the infected system for hackers who have the client part and the correct password.

Once active, the server part can hide its process or prevent its task from being killed from Task Manager (on NT). The backdoor uses a smart trick on NT by constantly changing its PID (process ID) and by creating an additional process of itself that will keep the backdoor alive even if one of the processes is killed.
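As an added example (not part of the original description), the following Python code reviews a REGEDIT4 export of the two autorun keys named above and flags values that use the default UMGR32.EXE name or start a program from the install folders. The function names and the sample export are constructed for illustration; because the file name is configurable, entries in the second category are candidates for review, not confirmed infections.

```python
import ntpath
import re

# Autorun keys, install folders and default file name from the description above.
RUN = r"hkey_local_machine\software\microsoft\windows\currentversion" + "\\"
AUTORUN_KEYS = {RUN + "run", RUN + "runservices"}
INSTALL_DIRS = ("\\windows\\system", "\\winnt\\system32")
DEFAULT_NAME = "umgr32.exe"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (REGEDIT4 format), not data from a real host.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"UMGR32.EXE"="C:\\WINDOWS\\SYSTEM\\UMGR32.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Updater"="C:\\WINNT\\System32\\svcupd.exe -start"
"Editor"="\"C:\\Program Files\\Edit\\edit.exe\" /tray"
'''

def unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def review_autoruns(reg_text):
    """Return (value_name, command, reason) for autorun entries to review."""
    findings, key = [], None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if not m or key not in AUTORUN_KEYS or not m.group(2).strip():
            continue
        name, command = unescape(m.group(1)), unescape(m.group(2))
        # Executable is the quoted part, or the first token of a bare command.
        exe = command.split('"')[1] if command.startswith('"') else command.split()[0]
        folder, base = ntpath.split(exe.lower())
        if base == DEFAULT_NAME:
            findings.append((name, command, "default server file name"))
        elif ntpath.splitdrive(folder)[1] in INSTALL_DIRS:
            # The name is configurable, so other files here still need review.
            findings.append((name, command, "autorun from install folder"))
    return findings

if __name__ == "__main__":
    print(*review_autoruns(SAMPLE_REG), sep="\n")
```

Legitimate system components also start from these folders, so each flagged entry should be compared against a known-good baseline for the host.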